// Copyright 2014 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "trunks/password_authorization_delegate.h"

#include <string>

#include <gtest/gtest.h>

namespace trunks {

// This test looks at initialization of the delegate with no password.
// It should initailize with a zero length internal password buffer.
TEST(PasswordAuthorizationDelegateTest, NullInitialization) {
  PasswordAuthorizationDelegate delegate("");
  EXPECT_EQ(delegate.password_.size, 0);
}

// This test checks the generation of an authorization structure by the
// delegate. It compared the serialized structure generated by the delegate
// to the expected authorization string.
TEST(PasswordAuthorizationDelegateTest, SerializationTest) {
  std::string expected_auth("\x40\x00\x00\x09"  // session_handle = TPM_RS_PW
                            "\x00\x00"          // nonce = zero length buffer
                            "\x01"     // session_attributes = continueSession
                            "\x00\x06"          // password length
                            "secret",           // password
                            15);
  PasswordAuthorizationDelegate delegate("secret");
  std::string authorization;
  std::string command_hash;
  bool authorization_result = delegate.GetCommandAuthorization(command_hash,
                                                               false, false,
                                                               &authorization);
  EXPECT_EQ(authorization_result, true);
  EXPECT_EQ(authorization.length(), expected_auth.length());
  EXPECT_EQ(expected_auth.compare(authorization), 0);
}

// This test looks at the delegate's ability to parse and check authorization
// responses when the response is well formed.
TEST(PasswordAuthorizationDelegateTest, ParseGoodParams) {
  std::string auth_response("\x00\x00"   // nonceTpm = zero length buffer
                            "\x01"       // session_attributes = continueSession
                            "\x00\x00",  // hmac = zero length buffer
                            5);
  PasswordAuthorizationDelegate delegate("secret");
  std::string response_hash;
  bool authorization_result = delegate.CheckResponseAuthorization(
      response_hash,
      auth_response);
  EXPECT_EQ(authorization_result, true);
}

// This test checks the delegate's ability to correctly identify an incorrect
// authorization response.
TEST(PasswordAuthorizationDelegateTest, ParseBadParams) {
  std::string auth_response("\x00\x00"  // nonceTpm = zero length buffer
                            "\x01"      // session_attributes = continueSession
                            "\x00\x06"  // password length
                            "secret",   // password
                            11);
  PasswordAuthorizationDelegate delegate("secret");
  std::string response_hash;
  bool authorization_result = delegate.CheckResponseAuthorization(
      response_hash,
      auth_response);
  EXPECT_EQ(authorization_result, false);
}

// This test confirms that after encrypting and decrypting a parameter,
// we get the original parameter back.
TEST(PasswordAuthorizationDelegateTest, EncryptDecrypt) {
  PasswordAuthorizationDelegate delegate("secret");
  std::string plaintext_parameter("parameter");
  std::string encrypted_parameter(plaintext_parameter);
  ASSERT_EQ(plaintext_parameter.compare(encrypted_parameter), 0);
  delegate.EncryptCommandParameter(&encrypted_parameter);
  delegate.DecryptResponseParameter(&encrypted_parameter);
  EXPECT_EQ(plaintext_parameter.compare(encrypted_parameter), 0);
}

}  // namespace trunks
